Mobile payments, smurfs and emerging threats

Former US Treasury Special Agent John Cassara: M-Payments will take laundering dirty money to new levels

By John A. Cassara, Industry Adviser to SAS Federal LLC

A remote Kenyan villager uses his cell phone as a “virtual wallet.” Why does this new technology potentially pose a global anti-money laundering threat?

Answer: In my intelligence and law enforcement career, I have seen time and again how criminals gravitate toward the weak link. Organized crime values the ability to receive and distribute funds without being subject to financial transparency. So in our increasingly interconnected global village, criminal elements will assuredly take advantage of innovative developments in mobile banking, commerce and communications to further criminal endeavors and launder illicit funds.

We are witnessing a plethora of new, high-tech value transfer systems that can be abused to launder money and finance terror. The Financial Action Task Force (FATF) the global anti-money laundering policy making body calls them “new payment methods” or NPMs. Examples include digital precious metals, Internet payment services, prepaid calling and credit cards and mobile payments or “M-Payments.” Although the technology and terminology are changing rapidly, generally speaking M-Payments are acknowledged to mean the use of a cell phone to credit, send, receive, transfer money or digital value.

By 2020, experts predict more than 50 billion connected devices. Assuredly, criminals will be attracted to this new financial and communications medium.

Today only 1.5 billion people have direct access to financial services, but there are more than 5 billion cell phones. In the next five years, there are likely to be as many mobile cellular subscriptions as there are people on this planet. By 2020, experts predict more than 50 billion connected devices. Assuredly, criminals and criminal organizations will be attracted to this new financial and communications medium.

Advantages and pitfalls of emerging markets

In many areas in the developing world, mobile communications have allowed societies to leapfrog over old land-land technology. The rapid spread of cell phones is a major contributor to developing much-needed access to financial services. Ghana, the Philippines, and Kenya, are examples of countries where financial services are now being offered via cell phones. Subscribers can pay bills, transfer money, receive credits, open accounts, and check balances. Workers can be paid by phone. Goods and services can be purchased. Before leaving on a trip, a subscriber can deposit money and then withdraw funds at the other end, which has many advantages over carrying a significant amount of cash. M-payment technology allow communities to bypass both brick-and-mortar banks and ATMs. The new mobile technology potentially provides a virtual ATM or a virtual wallet to every cell phone user.

M-Payments are already being used by many expatriates and guest workers who wish to send part of their wages home to support their families. M-payment remittances are replacing the use of traditional banks and money service businesses that historically have charged high fees for small transfers. Ironically, M-Payments will also encourage some users to bypass the use of underground remittance systems such as hawala that have stymied law enforcement and intelligence officials.

One of the most robust examples of M-Payments in operation is found in Kenya. In 2007, Kenya’s Safaricom launched its pioneering mobile payment program called “M-Pesa.” (Pesa means ‘money’ in Swahili). It was an instant hit. Today M-Pesa transfers more than $1 billion monthly in East Africa.

How does it work? In Kenya, there are more than 100,000 small retailers involved in the selling of mobile-phone airtime, generally in the form of scratch cards. The small retailers can also register to be mobile-money agents, taking in and paying out cash. Tens of thousands of them have already signed up as M-Pesa agents – far outnumbering Kenya’s approximately 1000 bank branches.

When a customer is registered with M-Pesa, paying in cash involves exchanging physical money for virtual value, sometimes called e-float. The value is credited to his mobile-money account. There is a small fee of 3-5 percent – generally depending on the amount transferred. The recipient next receives a text message with notice of the transfer of credit to his or her electronic wallet. E-float value can then be transferred to other users by mobile phone, and exchanged for cash by the recipient, who visits another licensed agent. The recipient can also go to a subscribing retail store, bank, formal money remitter, or even a fast-food restaurant to use the credit. Additional financial services are being introduced. Multi-nationals such as McDonalds, Starbucks,Western Union and a number of banks are rushing to incorporate M-payments.

In the US, M-Payments are projected to gross $214 billion by 2015, including transactions involving mobile bill payments and carrier billing transactions. However, thus far, US consumers have been slow to adopt mobile payments for many reasons including interoperability, doubts about security, availability and consumer protection issues.

Today’s security challenges

Fraud and security threats are on the rise, making it difficult to overcome the associated information overload.

Current systems don’t support robust analytical modeling, making it practically impossible to process and analyze information fast enough to make a difference.

Different departments often have disparate data sources and processes, so it’s impossible to spot suspicious activity across the enterprise.

There aren’t enough resources available to investigate all suspicious activity, so many threats may go unaddressed.

Stopping the dirty money spread

Treasury's Financial Crimes Enforcement Network (FinCEN) has ruled that mobile payments service providers would most likely be a money services business (MSB) under FinCEN's regulations, and as such "must register and comply with all the reporting, recordkeeping, and monitoring requirements applicable to a money transmitter." Unfortunately, those same requirements have not stopped widespread money laundering in other types of formal and informal money service businesses. We can also expect the telecommunications industry and others involved to push back against costly anti-money laundering MSB compliance requirements.

With M-Payments I am most concerned about digital value smurfing—a term coined by the Asian Development Bank. In traditional money laundering, “smurfs” or runners deposit or place small amounts of illicit or dirty money into financial institutions in ways that do not trigger financial transparency reporting requirements. Digital smurfs can be given dirty money and directed to load their cell phones with digital value – conforming to any legal or reporting limit. Dozens or even hundreds of digital smurfs could then be directed to transfer the value to accounts controlled by organized crime.

With such transfers, criminals are able to avoid traditional money laundering vulnerabilities such as transporting bulk cash and financial transparency reporting requirements. They will be able to place dirty money into new financial communications mediums that are not skilled at detecting criminal schemes. Further advantages for money launderers employing digital value smurfing include the quick conversion of cash to digital value, and the potential to employ different digital value pools such as on-line accounts and Internet payment clearing services. M-Payments will take the placement and layering stages of laundering dirty money to new levels.

Law enforcement will be further challenged by issues such as venue, jurisdiction and competency. The expertise to systematically track M-Payments simply does not exist. A lack of physical evidence further handicaps law enforcement investigations, as there may not be any cash or money equivalents to monitor or seize. If the conveyor or recipient phone is destroyed, it may be impossible to reconstruct or determine the information that was on the phone. If the communications service and M-Payments are prepaid, the service provider may not fully identify its customers. The problems could be compounded by the use of false identification to obtain subscriber status or to purchase or rent M-payment services. Using prepaid cellular phones could allow criminals use their minutes without leaving a trace of their calling records.

Money launderers and those that finance terrorism will avail themselves of the new M-payment systems. Responsible jurisdictions must find a balance between the expediency of M-Payments, privacy and the need to guard against abuse.

M-Payments generate big data. Viable integrated countermeasures will surely incorporate sophisticated analytics. In the United States, industry, law enforcement, and regulators must work together now before it is too late to engineer meaningful safeguards into M-payment technology and services.